In one implementation, a tag is associated with a tainted value of an application and an output context of the application that is associated with output from the application that includes the tainted value is determined. A taint processing is a applied to the tainted value in response to the output of the tainted value, the taint processing is compatible with the output context.
|
7. A context-sensitive application security system, comprising:
an output context monitor to monitor a current output context of an output of an application during runtime, the output including a tainted value, and to determine a context identifier associated with the output context, wherein the current output context is one of a plurality of output contexts;
a taint processing module to select a taint processing from a plurality of taint processings based on the context identifier, and to apply the taint processing to the tainted value included in the output; and
a delivery module to output the tainted value with the selected taint processing.
12. A context-sensitive application security method, comprising:
determining, by a processor, an output context of output from an application during runtime, the output including a tainted value, wherein the output context is one of a plurality of output contexts;
determining, by the processor, a context identifier associated with the output context;
selecting, by the processor, a taint processing from a plurality of taint processings based on the context identifier;
identifying, by the processor, the tainted value within the output;
applying, by the processor, the taint processing to the tainted value, the taint processing compatible with the output context; and
outputting, by the processor, the tainted value with the selected taint processing.
1. A non-transitory processor-readable medium storing code representing instructions that when executed at a processor cause the processor to:
associate a tag with a tainted value of an application, the tag to identify the tainted value as tainted;
determine an output context of the application associated with output from the application during runtime, the output including the tainted value, wherein the output context is one of a plurality of output contexts;
determine a context identifier associated with the output context;
select, using the context identifier, a taint processing from a plurality of taint processings;
apply the selected taint processing to the tainted value in response to the output of the tainted value, wherein the selected taint processing is compatible with the output context; and
output the tainted value with the selected taint processing.
3. The processor-readable medium of
4. The processor-readable medium of
5. The processor-readable medium of
the tag is included within the output; and
applying the taint processing to the tainted value includes removing the tag from the output.
6. The processor-readable medium of
8. The system of
10. The system of
11. The system of
15. The method of
16. The method of
17. The method of
|
Tainted values (e.g., data values received from untrusted sources) within applications can result in corrupted data values within and/or output from the application. Such corrupted data value can cause undesired operations within the application. As an example, a tainted value received as input to an application from an untrusted source can include an attack against a potential security vulnerability (e.g., code or values) that causes the application to malfunction. As another example, tainted values within an application can be provided as output to clients of the application and cause those clients to malfunction or operate in an undesirable manner.
To address such security vulnerabilities, some applications apply various statically-specified taint processings to tainted values to remove or mitigate security vulnerabilities in those tainted values. A taint processing is a routine or method that is applied to a tainted value to prevent that tainted value from posing a security vulnerability in the application. For example, an application can include code or instructions to apply a particular taint processing to a tainted value at a portion of the application. Accordingly, that particular taint processing is applied to the tainted value each time that portion of the application is executed or processed.
Although statically-specified taint processings can address some security vulnerabilities in tainted values, such application security methodologies can fail to sufficiently mitigate security vulnerabilities in many applications. For example, such methodologies often rely on developers to specify an effective taint processing (e.g., a taint processing that effectively mitigates a security vulnerability in a tainted value) during development of the application. Developers can make mistakes such as specifying an ineffective taint processing for a particular tainted value or portion of the application which result in security vulnerabilities that persist through such statically-specified taint processings.
Additionally, such methodologies are often ineffective due to dynamic execution paths within applications. For example, because the execution path of an application can be dynamic (e.g., respond differently to different input), a developer may be unable to select an effective taint processing for a tainted value (or portion of the application including the tainted value) during development. For example, the runtime context (or state) of the application associated with that tainted value can be unknowable during development. As another example, the number of potential runtime contexts of the application associated with that tainted value can be prohibitively large to include code or instructions in the application to handle each context.
Implementations discussed herein apply context-sensitive taint processing to tainted values to implement application security. For example, implementations discussed herein determine the context of an application during runtime and select a taint processing to apply to a tainted value within the application based on that context. Accordingly, developers need not determine an effective taint processing during development. Rather, a taint processing that is compatible with the context of the application can be selected and applied to a tainted value when that tainted value is used by the application. Said differently, implementations discussed herein perform context-sensitive application security.
As a specific example, an application security system (or context-sensitive application security system) determines an output context of an application associated with output (e.g., storing the tainted value at a data store or providing the tainted value to a user or client of the application) of a tainted value from the application. The application security system then selects a taint processing that is compatible with the output context (e.g., effectively mitigates or removes a security vulnerability of a tainted value in that output context), and applies the taint processing to mitigate a security vulnerability from the tainted value for that output context. The tainted value is then provided (or delivered) to a client of the application.
As used herein, the term “module” refers to a combination of hardware (e.g., a processor such as an integrated circuit or other circuitry) and software (e.g., machine- or processor-executable instructions, commands, or code such as firmware, programming, or object code). A combination of hardware and software includes hardware only (i.e., a hardware element with no software elements), software hosted at hardware (e.g., software that is stored at a memory and executed or interpreted at a processor), or at hardware and software hosted at hardware.
Additionally, as used herein, the term “application” refers to a module that receives input, performs one or more operations with respect to that input, and provides an output. For example, an application can be a web application hosted at a web server that receives input values from a client via a communications link such as the Internet, processes the input values to generate output values, and provides the output values to the client via the communications link. Furthermore, as used herein, the singular forms “a,” “an,” and “the” include plural referents unless the context clearly dictates otherwise. Thus, for example, the term “value” is intended to mean one or more values or a combination of values. For example, a value can include a single value such as a floating point number, integer number, text character, or a sequence of values such as a character or text string.
A client of the application is a module from which input is received at the application and/or to which output is provided by the application. In other words, as used herein, the term “client” refers to any module that provides input to and/or receives output from an application. Thus, as used herein, the term “client” includes, for example, peers, clients and servers of a traditional client-server relationship, and masters and slaves of a traditional master-slave relationship associated with the application.
A tag is associated with a tainted value at block 110 to, for example, label or identify the tainted value as or including an attack against a potential security vulnerability of an application or client. A tag is data that identifies or flags properties, traits, characteristics, attributes, conditions, or other information related to a value. Here, the tag associated with the tainted value identifies the tainted value as such.
As an example, an application can include code or instructions to associate a tag with tainted values. As a specific example, an application can invoke a routine, function, method, or other code or instructions to associate a tag with a tainted value. Such routines, functions, methods, or other code or instructions can be defined at, for example, a library. A library is a group of codes or instructions that are executed at a processor to realize or implement one or more routines, subroutines, functions, or methods.
A tag can be, for example, a value or sequence of values that is associated with the tainted value by adding the tag to the tainted value. For example, a tag can be a character or sequence of characters (or other values) and a numeric value that are added to the tainted value to identify the tainted value and a length of size of the tainted value. Moreover, such a character or sequence of characters is distinguishable from regular (e.g., other than a tag) output from an application. As an example, such a character can be a character that does not typically occur in regular output from an application such as, for example, a NULL value. Alternatively, for example, such a sequence of characters can have, as a group, a low probability of occurrence in regular output from an application.
As another example, a tag can include a begin (or open) tag that is prepended to the tainted value, and an end (or close) tag that is appended to the tainted value. Said differently, the tag can be added to a tainted value to enclose the tainted value. In other implementations, a tag can be metadata associated with a tainted value. For example, a portion or portions of a data store can include metadata related to a tainted value. More specifically, for example, a database or table at a memory can include metadata related to a tainted value, and that metadata can include a tag.
Process 100 then waits at block 120 for output (or some other use) of the tainted value. For example, an application security system implementing process 100 can analyze data values output from an application to determine whether any of the data values are tainted values. That is, for example, the application security system can determine whether any of the data values output from the application are tagged as tainted values. Referring to the example tags discussed above in relation to block 110, the application security system can access metadata associated with data values or parse the data values themselves to determine whether each data value is a tainted value. If output of a tainted value is detected at block 120, process 100 proceeds to block 130 to determine an output context of the application associated with output of the tainted value.
An output context is a context in which data values are output from an application. Data values are output from applications when those data values (or copies thereof) are provided (e.g., via a communications link, shared memory, electronic mailboxes, intra-processor communications, inter-processor communications, or other data transfer methodologies) to another application, to a data stores, to a client.
For example, if the application is a web application, data values can be output via a communications link. Furthermore, the output context can be the interpretation context of the web application. In other words, the output context can be the context in which a client of the application (e.g., a web browser for a web application) receiving the data values output from the application interprets those data values. As specific example, the output context of a web application can be a Hypertext Markup Language (HTML) output context, a JavaScript output context, a Cascading Style Sheets (CSS) output context, or other output context in which the web application outputs data values to clients.
In some implementations, the output context of the application changes during execution of the application. Referring again to an example implementation in which the application is a web application, the application can output data values during execution that should be interpreted by a client as CSS data at a first time, as HTML at a second time, as JavaScript at a third time, and as HTML again at a fourth time. That is, output from the application can include data values in a CSS output context at a first time, data values in an HTML output context at a second time, data values in a JavaScript output context at a third time, and data values in an HTML output context at a fourth time. In such implementations, the current output context (e.g., the output context in which the tainted value is output) of the application is determined at block 130. In other words, the output context that is associated with output of the tainted value detected at block 120 is determined at block 130.
The output context can be determined, for example, by monitoring the output of the application at the application security system. That is, the application security system can monitor the output of the application to determine the output context of the application. More specifically, for example, the application security system can include an output context monitor module that receives output from the application (e.g., via a runtime environment of the application) and interprets that output, for example, as a client of the application such as a web browser. The output context monitor module can, thus, track or monitor the current output context of the application. The application security module can then access an identifier or descriptor of the output context at the output context monitor module at block 130.
At block 140, a taint processing to be applied to the tainted value is selected based on the output context. Said differently, the taint processing that will be applied to the tainted value is selected from a group of taint processings based on the output context of the application. For example, a security policy for an application or application security system can specify taint processings which are compatible with output contexts. A taint processing is compatible with an output context if that taint processing effectively mitigates a security vulnerability of a tainted value output in that output context.
As an example, a security policy can specify that an output-context-specific encoding is compatible with an associated output context, and that all other taint processing is incompatible with that output context. As a specific example, a security policy can specify that an HTML encoding is compatible with an HTML output context, a JavaScript encoding is compatible with a JavaScript output context, and a CSS encoding is compatible with a CSS output context.
The taint processing selected at block 140 is then applied to the tainted value at block 150. A taint processing is any analysis, manipulation, modification, or other processing applied to a data value (such as a tainted value) to remove, mitigate, identify, or otherwise affect a security vulnerability or potential security vulnerability of that data value. For example, a taint processing can include input sanitization for an input string that will be used by an application as part of an SQL query (e.g., to prevent SQL injection). As a specific example of sanitization, taint processing can include encoding data values output from an application using an escaped character set such as an HTML escape character set, a JavaScript escape character set, an Extensible Markup Language (XML) escape character set, a CSS escape character set, or other encoding. Such encodings can mitigate or prevent security vulnerabilities such as code or instruction injection via XSS attacks.
A taint processing can be implemented as a module such as, for example, an application specific integrated circuit (ASIC) or a subroutine, a function, a method, a library routine, or other group of instructions (or code representing instructions) hosted at a processor. For example, a taint processing can be an encoding library routine that receives a tainted value as an input and encodes the tainted value to mitigate a security vulnerability in the tainted value. As a more specific example, an identifier of a variable, container, or memory location at which the tainted value is stored is provided as input to the encoding library routine, and the encoding library routine encodes the tainted value within that variable, container, or memory location. In other words, the taint processing processes the tainted value. That tainted value can then be provided to a client of the application.
Runtime environment 200 is an environment hosted at a processor and memory accessible to the processor that provides various services to application 210 and/or application security system 220. For example, runtime environment 200 provides, for example, libraries, input and output routines, code interpretation, execution isolation, and/or services during execution or runtime of application 210 at the processor. In other words, application 210 executes within runtime environment 200. As specific examples, runtime environment 200 can be a virtual machine, a Java™ Runtime Environment, or a Microsoft .NET™ runtime environment.
Application security system 220 can attach to or instrument runtime environment 200 (or to application 210 via runtime environment 200) to interact with application 210. For example, runtime environment 200 can implement an application programming interface (API), hooks (e.g., to manipulate handling of library routine or function calls, method invocations, messages, or events), or other mechanisms via which application security system 220 can interact with application 210 during execution (or runtime) of application 210.
In other implementations, application security system 220 can instrument runtime environment 200 with modified libraries or other resources via which application security system 220 can interact with application 210 during execution of application 210. Said differently, application security system 220 can modify or instrument runtime environment 200, and interact with application 210 via the modifications or instrumentation to runtime environment 200. As a specific example, application security system 220 can replace an output library of runtime environment 200 with a modified output library that allows application security system 220 to receive output from application 210. In one example implementation, application security system 220 can instrument runtime environment 200 to intercept output from application 210. Application security system 220 then analyzes, processes, and forwards that output to client 290.
Tainted values within application 210 are tagged during execution of application 210. For example, application 210 can include a module or a group of modules that tag tainted values. As a specific example, application 210 can include a routine that is applied to data values (or tainted values) received as input to the application and associates tags with (or tags) those data values as tainted values. As another example, application 210 can provide tainted values to a module within runtime environment 200 such as a routine of a library or application (or web) framework within runtime environment 200, which associates tags with those tainted values.
In some implementations, application security system 220 provides such a module to runtime environment 200. That is, application security system 220 can instrument runtime environment 200 with such a module. In yet other implementations, application 210 can provide tainted values to application security system 220 (e.g., via runtime environment 200), and application security system 220 can associate tags with those tainted values.
Additionally, application security system 220 receives output from application 210. For example, as discussed above, application security system 220 can receive output (e.g., tainted values and/or other data values output) from application 210 via runtime environment 200. Application security system 220 then processes (or handles) the output.
As a specific example, output received from application 210 is provided to output context monitor 222. Output context monitor 222 monitors or tracks the output context of an application. In other words, output context monitor 222 maintains a descriptor or identifier of the current output context of the application. As a specific example, output context monitor 222 can receive the output from the application and interpret the output (e.g., the data value output) from the application as a client of the application to monitor the output context. Accordingly, the output context descriptor (i.e., description or identifier of the current output context of the application) maintained by output context monitor 222 represents the interpretation context (or state) of the client for the output.
Application security system 220 determines whether the output from application 210 includes a tainted value. If the output does not include a tainted value, application security system 220 provides (or delivers or forwards) the output to client 290 without applying a taint processing to the output. If, however, the output includes a tainted value, taint processing module 221 receives a context identifier associated with output of the tainted value (i.e., an output context descriptor that represents the output context of the application when the tainted value is output from the application) from output context monitor 222, and taint processing module 221 selects a taint processing for the output context of the application. For example, taint processing module 221 can access a security policy to determine which taint processing from a group of taint processings should be selected for a particular output context.
Taint processing module 221 then applies the selected taint processing to the tainted value (or the output including the tainted value), and the output is subsequently provided to the client. In some implementations, output from application 210 is processed at application security system 220 in a block mode. That is, a group of data values is received from application 210, applied to output context monitor 222, provided to taint processing module 221 if there are any tainted values in the group of data values, and then forwarded to client 290. In other implementations, output from application 210 is processed at application security system 220 in a stream mode. That is, output from application 210 is processed at application security system 220 as it is provided to application security system 220 without waiting for a predetermined amount of data values to be received.
Memory 330 is a processor-readable medium that stores instructions, codes, data, or other information. As used herein, a processor-readable medium is any medium that stores instructions, codes, data, or other information non-transitorily and is directly or indirectly accessible to a processor. Said differently, a processor-readable medium is a non-transitory medium at which a processor can access instructions, codes, data, or other information. For example, memory 330 can be a volatile random access memory (RAM), a persistent data store such as a hard disk drive or a solid-state drive, a compact disc (CD), a digital video disc (DVD), a Secure Digital™ (SD) card, a MultiMediaCard (MMC) card, a CompactFlash™ (CF) card, or a combination thereof or other memories. In some implementations, memory 330 can be integrated with processor 310, separate from processor 310, or external to computing device 300.
Memory 330 includes operating system 331, application 333, output context monitor 334, output analysis module 335, taint processing module 336, and delivery module 337. Output context monitor 334, output analysis module 335, taint processing module 336, and delivery module 337 collectively implement an application security system. Operating system 331, application 333, output context monitor 334, output analysis module 335, taint processing module 336, and delivery module 337 are each instructions or code that—when executed at processor 310—cause processor 310 to perform operations that implement, respectively, an operating system, an application, an output context monitor, an output analysis module, a taint processing module, and a delivery module. Said differently, operating system 331, application 333, output context monitor 334, output analysis module 335, taint processing module 336, and delivery module 337 are hosted at computing device 300.
Output context monitor 334 and taint processing module 336 are similar to output context monitor 222 and taint processing module 221, respectively, illustrated in
Delivery module 337 provides output from application 333 to clients of application 333. More specifically, delivery module 337 provides output from application 333 after one or more taint processings are applied to tainted values, if any, within the output. As an example, of interaction among application 333, output context monitor 334, output analysis module 335, taint processing module 336, and delivery module 337 are discussed in more detail below in relation to
In some implementations, computing device 300 can be a virtualized computing device. For example, computing device 300 can be hosted as a virtual machine at a computing server. Moreover, in some implementations, computing device 300 can be a virtualized computing appliance, and operating system 331 is a minimal or just-enough operating system to support (e.g., provide services such as a communications stack and access to components of computing device 300 such as a communications interface module (not shown)) an application security system.
An application security system (e.g., an application security system including output context monitor 334, output analysis module 335, taint processing module 336, and delivery module 337) can be accessed or installed at computing device 300 from a variety of memories or processor-readable media. For example, computing device 300 can access a remote processor-readable medium via a communications interface module (not shown) and the application security system at that processor-readable medium. As a specific example, computing device 300 can be a thin client that accesses operating system 331 and the application security system during a boot sequence.
As another example, computing device 300 can include (not illustrated in
In some implementations, an application security system can be accessed at or installed from multiple sources, locations, or resources. For example, some components or modules of the application security system can be installed via a communications link, and other components or modules of the application security system can be installed from a DVD.
Output 360 is provided to output context monitor 334 and output analysis module 335 within application security system 338. Output context monitor 334 analyzes, parses, or interprets output 360 to monitor, track, or otherwise determine the output context (e.g., maintain a current output context) of application 333, and provides context identifier 366 to taint processing module 336. For example, output context monitor 334 can provide context identifier 366 (e.g., a signal or other data) to taint processing module 336 each time output context monitor 334 determines that the current output context of application 333 has changed or been altered. That is, output context monitor 334 can proactively update taint processing module 336 about changes in the output context of application 333. In other implementations, output context monitor 334 can provide context identifier 366 to taint processing module 336 in response to a request from taint processing module 336 for the current output context of application 333. That is, taint processing module 336 can determine the output context of application 333 using information (e.g., context identifier 366) pushed to taint processing module 336 by output context monitor 334, or using information pulled from output context monitor 334 by taint processing module 336.
Output analysis module 335 parses output 360 and/or processes other information (e.g., metadata or signals representing tags) provided to application security system 338 to identify tainted value 363 within output 360. As illustrated in
Taint processing module 336 determines the output context of application 333 associated with tainted value 363 (e.g., the current output context of application 333 when tainted value 363 is output from application 333) based on context identifier 366, and selects a taint processing that is compatible with that context from a group of taint processings. In some implementations, output analysis module 335 and output context monitor 334 synchronously process output 360 to synchronize tainted values provided to taint processing module 336 with context identifier provided by output context monitor 334. In other words, output analysis module 335 and output context monitor 334 can synchronously process output 360 to ensure that context identifier 366 provided by output context monitor 334 is associated with tainted value 363 provided to taint processing module 336.
After the selected taint processing is applied to tainted value 363, tainted value 363 (which may have been modified or altered by the selected taint processing) is provided to delivery module 337. Delivery module 337 also receives data values 361 and data values 365 from output analysis module 335. Delivery module 337 then provides (or delivers) data values 361, tainted value 363, and data values 365 to client 390. In some implementations, delivery module 337 receives signals or commands from output analysis module 335 and/or taint processing module 336 to synchronize delivery of data values 361, tainted value 363, and data values 365 to client 390. That is, output analysis module 335 and/or taint processing module 336 provide signals or commands to delivery module 337 to indicate an order of data values 361, tainted value 363, and data values 365. In other implementations, data values 361, tainted value 363, and data values 365 are serially provided to delivery module 337 by output analysis module 335 and/or taint processing module 336 to preserve an order of data values 361, tainted value 363, and data values 365.
As illustrated in
In other implementations, an application and an application security system can be implemented at separate computing devices. For example,
Communications link 570 includes devices, services, or a combination thereof that define communications paths between computing device 510, computing device 520, client 590, and/or other devices or services. For example, communications link 570 can include one or more of a cable (e.g., twisted-pair cable, coaxial cable, or fiber optic cable), a wireless link (e.g., radio-frequency link, optical link, or sonic link), or any other connectors or systems that transmit or support transmission of signals. Communications link 570 can include communications networks such as an intranet, the Internet, other telecommunications networks, or a combination thereof. Additionally, communications link 570 can include proxies, routers, switches, gateways, bridges, load balancers, and similar communications devices. Furthermore, the connections or communications paths illustrated in
As illustrated in
Additionally, application security system 525 selects taint processings to be for the tainted values based on the output contexts of application 515 associated with those tainted values at block 630, and applies those taint processings to the tainted values at block 640. Application security system 525 then provides the output from application 515 including the processed tainted values (i.e., the tainted values to which the taint processing were applied) to client 590 at block 650. In other words, application security system 525 receives output from application 515, processes the output by applying context-sensitive or—specific taint processings to tainted values within the output, and provides the processed output to the client. Thus, application security system 525 can mitigate security vulnerabilities such as XSS vulnerabilities or other code injection vulnerabilities.
While certain implementations have been shown and described above, various changes in form and details may be made. For example, some features that have been described in relation to one implementation and/or process can be related to other implementations. In other words, processes, features, components, and/or properties described in relation to one implementation can be useful in other implementations. As another example, functionalities discussed above in relation to specific modules or elements can be included at different modules, engines, or elements in other implementations. Furthermore, it should be understood that the systems, apparatus, and methods described herein can include various combinations and/or sub-combinations of the components and/or features of the different implementations described. Thus, features described with reference to one or more implementations can be combined with other implementations described herein.
Chess, Brian V, Fay, Sean Patrick
Patent | Priority | Assignee | Title |
11556705, | Oct 29 2020 | International Business Machines Corporation | Natural language processing payload generation |
9830149, | Jan 14 2016 | DOORDASH, INC | Automatic extraction of sensitive code fragments to be executed in a sandbox |
Patent | Priority | Assignee | Title |
7292160, | Apr 19 2006 | Microsoft Technology Licensing, LLC | Context sensitive encoding and decoding |
7617532, | Jan 24 2005 | NORTONLIFELOCK INC | Protection of sensitive data from malicious e-mail |
7624440, | Aug 01 2006 | TRUSTATE INTERNATIONAL INC | Systems and methods for securely providing and/or accessing information |
8127360, | Jun 29 2006 | CA, INC | Method and apparatus for detecting leakage of sensitive information |
20020178271, | |||
20050060537, | |||
20060277604, | |||
20080109680, | |||
20110082848, | |||
20110145918, | |||
20110321016, | |||
20120167209, | |||
20130086676, | |||
WO2009139994, |
Executed on | Assignor | Assignee | Conveyance | Frame | Reel | Doc |
Sep 29 2011 | Hewlett-Packard Development Company, L.P. | (assignment on the face of the patent) | / | |||
Sep 29 2011 | FAY, SEAN PATRICK | HEWLETT-PACKARD DEVELOPMENT COMPANY, L P | ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS | 026993 | /0670 | |
Sep 29 2011 | CHESS, BRIAN V | HEWLETT-PACKARD DEVELOPMENT COMPANY, L P | ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS | 026993 | /0670 | |
Oct 27 2015 | HEWLETT-PACKARD DEVELOPMENT COMPANY, L P | Hewlett Packard Enterprise Development LP | ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS | 037079 | /0001 | |
Apr 05 2017 | Hewlett Packard Enterprise Development LP | ENTIT SOFTWARE LLC | ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS | 042746 | /0130 | |
Sep 01 2017 | Attachmate Corporation | JPMORGAN CHASE BANK, N A | SECURITY INTEREST SEE DOCUMENT FOR DETAILS | 044183 | /0718 | |
Sep 01 2017 | Borland Software Corporation | JPMORGAN CHASE BANK, N A | SECURITY INTEREST SEE DOCUMENT FOR DETAILS | 044183 | /0718 | |
Sep 01 2017 | NetIQ Corporation | JPMORGAN CHASE BANK, N A | SECURITY INTEREST SEE DOCUMENT FOR DETAILS | 044183 | /0718 | |
Sep 01 2017 | SERENA SOFTWARE, INC | JPMORGAN CHASE BANK, N A | SECURITY INTEREST SEE DOCUMENT FOR DETAILS | 044183 | /0718 | |
Sep 01 2017 | ARCSIGHT, LLC | JPMORGAN CHASE BANK, N A | SECURITY INTEREST SEE DOCUMENT FOR DETAILS | 044183 | /0718 | |
Sep 01 2017 | ENTIT SOFTWARE LLC | JPMORGAN CHASE BANK, N A | SECURITY INTEREST SEE DOCUMENT FOR DETAILS | 044183 | /0718 | |
Sep 01 2017 | MICRO FOCUS SOFTWARE, INC | JPMORGAN CHASE BANK, N A | SECURITY INTEREST SEE DOCUMENT FOR DETAILS | 044183 | /0718 | |
Sep 01 2017 | MICRO FOCUS US , INC | JPMORGAN CHASE BANK, N A | SECURITY INTEREST SEE DOCUMENT FOR DETAILS | 044183 | /0718 | |
May 23 2019 | ENTIT SOFTWARE LLC | MICRO FOCUS LLC | CHANGE OF NAME SEE DOCUMENT FOR DETAILS | 050004 | /0001 | |
Jan 31 2023 | JPMORGAN CHASE BANK, N A | NetIQ Corporation | RELEASE OF SECURITY INTEREST REEL FRAME 044183 0718 | 062746 | /0399 | |
Jan 31 2023 | JPMORGAN CHASE BANK, N A | MICRO FOCUS SOFTWARE INC F K A NOVELL, INC | RELEASE OF SECURITY INTEREST REEL FRAME 044183 0718 | 062746 | /0399 | |
Jan 31 2023 | JPMORGAN CHASE BANK, N A | Attachmate Corporation | RELEASE OF SECURITY INTEREST REEL FRAME 044183 0718 | 062746 | /0399 | |
Jan 31 2023 | JPMORGAN CHASE BANK, N A | SERENA SOFTWARE, INC | RELEASE OF SECURITY INTEREST REEL FRAME 044183 0718 | 062746 | /0399 | |
Jan 31 2023 | JPMORGAN CHASE BANK, N A | MICRO FOCUS US , INC | RELEASE OF SECURITY INTEREST REEL FRAME 044183 0718 | 062746 | /0399 | |
Jan 31 2023 | JPMORGAN CHASE BANK, N A | Borland Software Corporation | RELEASE OF SECURITY INTEREST REEL FRAME 044183 0718 | 062746 | /0399 | |
Jan 31 2023 | JPMORGAN CHASE BANK, N A | MICRO FOCUS LLC F K A ENTIT SOFTWARE LLC | RELEASE OF SECURITY INTEREST REEL FRAME 044183 0718 | 062746 | /0399 | |
Jan 31 2023 | JPMORGAN CHASE BANK, N A | MICRO FOCUS LLC F K A ENTIT SOFTWARE LLC | RELEASE OF SECURITY INTEREST REEL FRAME 044183 0577 | 063560 | /0001 |
Date | Maintenance Fee Events |
Nov 21 2018 | M1551: Payment of Maintenance Fee, 4th Year, Large Entity. |
Nov 16 2022 | M1552: Payment of Maintenance Fee, 8th Year, Large Entity. |
Date | Maintenance Schedule |
Jun 09 2018 | 4 years fee payment window open |
Dec 09 2018 | 6 months grace period start (w surcharge) |
Jun 09 2019 | patent expiry (for year 4) |
Jun 09 2021 | 2 years to revive unintentionally abandoned end. (for year 4) |
Jun 09 2022 | 8 years fee payment window open |
Dec 09 2022 | 6 months grace period start (w surcharge) |
Jun 09 2023 | patent expiry (for year 8) |
Jun 09 2025 | 2 years to revive unintentionally abandoned end. (for year 8) |
Jun 09 2026 | 12 years fee payment window open |
Dec 09 2026 | 6 months grace period start (w surcharge) |
Jun 09 2027 | patent expiry (for year 12) |
Jun 09 2029 | 2 years to revive unintentionally abandoned end. (for year 12) |